Bottom Line Up Front

► MIL-STD 882 is the DoD Standard Practice for System Safety

► DoDI 5000.02 requires programs to use MIL-STD 882 system safety process to integrate ESOH considerations into Systems Engineering

► When issued, the new MIL-STD-882E will include task descriptions that can be placed on contract with the Original Equipment Manufacturer/Prime Contractor

► Task 210 describes how the contractor should use the MIL-STD 882E system safety risk management process for Environmental Hazard Analysis

Overview

► Introduction

► Background

- MIL-STD 882 System Safety Process

- Risk Assessment Matrix

- Severity

- Probability

► Task 210

- Purpose and Structure

- Example Hazard

► Risk Acceptance

Introduction - Defense Acquisition Management System

[Figure: Defense Acquisition Management System. The JCIDS Process (User Needs; Strategic Guidance; Joint Concepts; Capabilities-Based Assessment; OSD/JCS COCOM; CDD; CPD) feeds the Acquisition Process (Materiel Solution Analysis; Technology Development; Engineering & Manufacturing Development; Production & Deployment; O&S), with incremental development.]

SAF/AQRE

Booz Allen Hamilton


Introduction - DoD 5000.02 Acquisition ESOH Policy

► Use MIL-STD-882D, DoD Standard Practice for System Safety

- In all developmental and sustaining engineering activities

- To manage ESOH risks as part of the systems engineering process

- Across the Acquisition Life cycle

ESOH refers to all individual, but interrelated, disciplines that encompass environment, safety, and occupational health

Background - MIL-STD-882D System Safety Process

1. Document the system safety approach

2. Identify hazards

3. Assess risk

4. Identify mitigation measures

5. Reduce risk

6. Verify risk reduction

7. Accept risk

8. Manage life-cycle risk

SYSTEM SAFETY ORDER OF PRECEDENCE

1. Eliminate hazards through design selection

2. Reduce risk through design alteration

3. Incorporate engineered features or devices

4. Provide warning devices

5. Develop procedures and training

Risk = Severity x Probability

Background - The Risk Assessment Matrix

Background - ESOH Risk: Severity

SEVERITY CATEGORIES

Severity Category | Severity Level | Environment, Safety, and Occupational Health Mishap Result Criteria
Catastrophic | 1 | Could result in one or more of the following: death, permanent total disability, irreversible significant environmental impact, or loss exceeding $10M.
Critical | 2 | Could result in one or more of the following: permanent partial disability, injuries or occupational illness that may result in hospitalization of at least three personnel, reversible significant environmental impact, or loss exceeding $1M but less than $10M.
Marginal | 3 | Could result in one or more of the following: injury or occupational illness resulting in 10 or more lost work days, reversible moderate environmental impact, or loss exceeding $100K but less than $1M.
Negligible | 4 | Could result in one or more of the following: injury or illness resulting in less than 10 lost work days, minimal environmental impact, or loss less than $100K.

Mishap. An unplanned event or series of events resulting in death, injury, occupational illness, damage to or loss of equipment or property, or damage to the environment. For the purposes of this document, the term “mishap” includes negative environmental impacts from planned and unplanned events and accidents

Severity generally does not change unless an engineering design change is made

Background - ESOH Risk: Probability

Background - Revision of MIL-STD 882D Underway

► 882 already provides a methodology for risk management

► Revising MIL-STD-882D to be better suited for Managing Environmental Issues as part of the Systems Engineering Process

► Tasks are being added to address environmental considerations

- Task 105 - Hazard Tracking System

- Task 107 - Hazardous Materials Management Plan (HMMP)

- Task 210 - Environmental Hazard Analysis

Making MIL-STD 882 more “User Friendly” for Environmental Professionals

Task 210 - Purpose and Structure

► Purpose: Use System Safety process to identify environmental hazards, assess the associated risk, identify potential mitigation measures, implement chosen measures, reassess the risk, and obtain formal risk acceptance

► Task Structure:

210.1 Purpose

210.2 Task Description

• Using system safety process and risk matrix

• Identifying Environmental Requirements and Hazards

• Environmental analysis considerations

• Reporting Requirements

210.3 Details to be Specified

• Added by Government to Contract Scope to Bound the Analysis

Task 210 - Example Hazard

Example - Contaminated Wash Water from Nickel-Cadmium Plated Compressor Blades on T-56 Turboprop Engine

Hazard: Contaminated wash water from Ni-Cd Plated Compressor Blades

Description: Cadmium contaminated wash water effluent is a NPS water pollutant in violation of State law (regulation of storm water discharge/NPDES) with potential for citations with fines, and civil and/or criminal liability for improper disposal of hazardous waste. Cadmium contaminated drinking water can result in acute and chronic health effects.

Initial Severity | Initial Prob. | Initial Risk Category | Risk Mitigation | Target Severity | Target Prob. | Target Risk Category | Status
2 | B | High | 100 percent capture mandate for engine wash water requiring all DoD facilities to capture, contain, and properly treat or dispose of wash water effluent. | 3 | C | Med | This Program implemented this risk mitigation measure, verified its effectiveness in reducing the risk, and the PM accepted the FRC. However, the PM directed that during subsequent rework/upgrade of the T-56 turboprop engine an alternative risk mitigation measure must eliminate the hazard.
2 | B | High | Develop new compressor blades made of aluminum to replace the Ni-Cd plated blades. New blade design will eliminate the possibility of Cd leaching into the wash water effluent by eliminating the use of a hazardous material. | None | None | None | The Program verified that new Al blade design eliminated the hazard. Thus, the PM had no risk to accept.

Task 210 - Example: Hazard Description

Hazard: Contaminated wash water from Ni-Cd Plated Compressor Blades

Description: Cadmium contaminated wash water effluent is a NPS water pollutant in violation of State law (regulation of storm water discharge/NPDES) with potential for citations with fines, and civil and/or criminal liability for improper disposal of hazardous waste.

Cadmium contaminated drinking water can result in acute and chronic health effects.

Task 210 - Example: Initial Risk Assessment

Initial Severity | Initial Probability | Initial Risk Category
2 | B | High

Task 210 - Example: What is the Severity?

Task 210 - Example: What is the Probability?

Task 210 - Example: Mitigations and Target Risk #1

Risk Mitigation: 100 percent capture mandated for engine wash water requiring all DoD facilities to capture, contain, and properly treat or dispose of wash water effluent.

Target Severity: 3

Target Probability: C

Target Risk Category: Med

Status: This Program implemented this risk mitigation measure, verified its effectiveness in reducing the risk, and the PM accepted the Final Risk Category (FRC). However, the PM directed that during subsequent rework/upgrade of the T-56 turboprop engine an alternative risk mitigation measure must eliminate the hazard.

Task 210 - Example: Mitigations and Target Risk #2 (Program Manager’s Preference)

Risk Mitigation: Develop new compressor blades made of aluminum to replace the Ni-Cd plated blades. New blade design will eliminate the possibility of Cd leaching into the wash water effluent by eliminating the use of a hazardous material.

Target Severity: None

Target Probability: F

Target Risk Category: Eliminated

Status: The Program verified that new Al blade design eliminated the hazard. Thus, the PM had no risk to accept.

Task 210 - Example: Assessed Risk

[Figure: RISK ASSESSMENT MATRIX. Axes: Severity (Catastrophic (1), Critical (2), Marginal (3), Negligible (4)) versus Probability (Probable (B), Occasional (C), Remote (D), Eliminated (F)); cells are labelled High, Serious and Medium, with the Initial Risk marked.]

Risk Acceptance

► ESOH Risk must be accepted prior to exposing people, equipment, or the environment to the hazard

- All the mitigations must be verified effective and the associated risk is accepted (by appropriate authority)

Questions

► Government Client

- Sherman G. Forbes

- SAF/AQRE

- Acquisition ESOH Risk Management

- Phone: 703-254-2480

- E-mail: sherman.forbes@us.af.mil

► Presenter

- William A Thacker Jr

- Booz Allen Hamilton

- Phone: (703) 412-7757

- E-Mail: thacker william@bah.com

BACK UP CHARTS

Background

► System environmental risks could result in mission and operational constraints and compliance burdens for receiving installations, training ranges, and operational units

► Influencing design decisions is typically the most cost-effective means of effecting change to a system

- It is important to consider potential environmental impacts during system design to eliminate the hazard vice manage them as operational constraints

• Restricted times / intervals of operation

• Restrictions on locations of operation

• Negative impact of the environment

• Fines and costs to manage/mitigate impacts

Background

► Early identification and resolution of environmental hazards through the systems engineering process

- Bring environmentally-driven requirements to the table early in the process

- Provides decision makers with a more complete and relevant picture of the potential risks associated with test, operation, sustainment, and disposal of the system

• Advocate for funds for design changes or plan for operational mitigations

- Helps mitigate the risk of unplanned technical, schedule, and cost impacts

DoD Standard Practice for System Safety

NOT MEASUREMENT SENSITIVE

MIL-STD-882D
w/CHANGE 1
Draft Dated 7 June 2010

SUPERSEDING
MIL-STD-882D
10 February 2000

DEPARTMENT OF DEFENSE
STANDARD PRACTICE

SYSTEM SAFETY

Environment, Safety, and Occupational Health
Risk Management Methodology for Systems Engineering

AMSC N/A AREA SAFT

DRAFT
MIL-STD-882D
w/CHANGE 1

TASK 210

ENVIRONMENTAL HAZARD ANALYSIS

210.1 Purpose. The purpose of Task 210 (Environmental Hazard Analysis) is to support design development decisions by identifying potential hazards to the natural environment resulting from the development, testing, deployment, maintenance and disposal of a system; supporting risk acceptance decisions for environmental hazards; and providing the system-specific data to support NEPA and EO 12114 requirements.

210.2. Task description. Influencing design decisions is important to integrating environmental considerations into the system because it is typically the most cost-effective means of effecting change in an acquisition program. Conversely, early design decisions made without consideration of environmental requirements may result in environmental impacts that cannot be easily designed out and will require mitigation later in the acquisition process. These issues could potentially result in mission and operational constraints and compliance burdens for receiving installations, training ranges, and operational training units.

210.2.1. The elimination or reduction of environmental risk with an informed and structured risk assessment and acceptance process is essential for positively contributing to a program’s efforts in meeting the system’s life-cycle cost, schedule, and performance requirements. Early identification and resolution of ESOH hazards into the systems engineering process provides decision makers with a more complete and relevant picture of the potential risks associated with the test, operation, sustainment, and disposal of a system and will help mitigate the risk of unplanned technical, schedule, and cost impacts. The ESOH risk management process uses risk analysis matrices based on the requirements in this standard. The risk matrices define probability and severity criteria to categorize environmental risks for identified environmental hazards.

210.2.2. Using the system safety process and risk matrices. The system safety process shall be used across the ESOH disciplines to identify hazards and eliminate or mitigate risks through the systems engineering process. When assessing environmental hazards, the 8-step system safety process in Section 4 of this standard shall be followed. The severity and probability of potential mishap(s) for each hazard shall be assessed using the matrices in Tables I, II, and III of this standard unless tailored matrices have been formally approved for use by the program. Severity shall consider how the system will be operated. In addition, the analysis shall identify and quantify hazardous materials used in or generated throughout the system lifecycle and shall outline potential environmental impacts associated with the system's operation. When determining hazard mitigations, the hazard assessments should consider the mitigation impact to all three ESOH disciplines, as well as other applicable systems engineering disciplines, to identify the optimal ESOH mitigation for hazard(s). This will prevent mitigation measures from being optimized for only one of the ESOH disciplines, which could create hazards in other ESOH disciplines.

210.2.3. Environmental risks. There are three basic types of environmental risks: